I've been using Firefox 38.0 for quite some time now. The only issue I had was that all Youtube videos were tinted in blue, as if you had sunglasses on. My workaround was to open the Youtube URL using VLC.
When I saw that Firefox 41 is available, I decided to give it a try. I got a bunch of problems doing so, the subject of a different post (FreeBSD Bugzilla report here), but finally got it installed. With that version, all HTTP URL load fine. However, all HTTPS URL failed miserably. Wtf?
I deleted the cert8.db user profile file as suggested in a Mozilla troubleshooting page, but to no avail. I found the solution in this page here. It turns out to be a-bad-case-of-Mozilla-loving-you issue. They impose Certificate Authorities to be 100% by-the-book, and it's kind of unforgiving in this transition period. The info to work around this is spread all over, and it's a very time consuming learning curve. I guess that they want the end-user to complain to the websites' owners so they will have the security issue addressed sooner… I'm not that patient, and I don't tolerate this temporary artificial blocking mechanism. Read along for the shortcut.
So, when Firefox fails to load a HTTPS web page, you are presented an error that says what is happening, and optionally, the option to accept the certificate as is, under the I UNDERSTAND THE RISK section. If you understand the risk, feel free to use that feature for random websites that you trust & visit. When the feature is not even proposed, e.g. Google, you have to add their Certificate Authority in Firefox. In fact, if you know the risk, I recommend to always add the Certificate Authorities of big services like Facebook, Google, Vimeo, Ello, and even FreeBSD because these systems use a bunch of servers to generate a single web page. If you only authorise the local website certificate, its text may load, for example, but the graphic and formatting may be missing. Then, it looks like you got the mobile version of the website, but on your desktop.
The easy way to add a Certificate Authority to Firefox, is:
The Certificate Authorities I needed to add are:
Again, do this only if you understand the risk.
Dominique.
When I saw that Firefox 41 is available, I decided to give it a try. I got a bunch of problems doing so, the subject of a different post (FreeBSD Bugzilla report here), but finally got it installed. With that version, all HTTP URL load fine. However, all HTTPS URL failed miserably. Wtf?
I deleted the cert8.db user profile file as suggested in a Mozilla troubleshooting page, but to no avail. I found the solution in this page here. It turns out to be a-bad-case-of-Mozilla-loving-you issue. They impose Certificate Authorities to be 100% by-the-book, and it's kind of unforgiving in this transition period. The info to work around this is spread all over, and it's a very time consuming learning curve. I guess that they want the end-user to complain to the websites' owners so they will have the security issue addressed sooner… I'm not that patient, and I don't tolerate this temporary artificial blocking mechanism. Read along for the shortcut.
So, when Firefox fails to load a HTTPS web page, you are presented an error that says what is happening, and optionally, the option to accept the certificate as is, under the I UNDERSTAND THE RISK section. If you understand the risk, feel free to use that feature for random websites that you trust & visit. When the feature is not even proposed, e.g. Google, you have to add their Certificate Authority in Firefox. In fact, if you know the risk, I recommend to always add the Certificate Authorities of big services like Facebook, Google, Vimeo, Ello, and even FreeBSD because these systems use a bunch of servers to generate a single web page. If you only authorise the local website certificate, its text may load, for example, but the graphic and formatting may be missing. Then, it looks like you got the mobile version of the website, but on your desktop.
The easy way to add a Certificate Authority to Firefox, is:
- Open the web page on a different browser, I used Opera this time
- Take note of the certificate issuer, click the lock next to the URL, and view the certificate
- Go to the browser properties/options, in the certificate area, and export the Certificate Authority in a file
- Return to Firefox and import this file. Preferences - Advance - Certificates - View Certificates - Authorities - Import
- Reload your HTTPS web page.
The Certificate Authorities I needed to add are:
- Baltimore CyberTrust Root
- COMODO RSA Certification Authority
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- GeoTrust Global CA
- USERTrust RSA Certification Authority
- VeriSign Class 3 Server CA
Again, do this only if you understand the risk.
Dominique.
